1d1649d1-e2e5-4b38-90c1-cd6363

1stBrowser Installer

SIEN S.A.

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file 1d1649d1-e2e5-4b38-90c1-cd6363 by SIEN S.A has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from 113.171.224.204 and multiple other hosts.
Publisher:
The 1stBrowser Authors  (signed by SIEN S.A.)

Product:
1stBrowser Installer

Version:
42.0.2311.98

MD5:
0a31bd6940f7685e3acfce0f4f158335

SHA-1:
ebc6fa9fb1b69b27ba10f61d085d6f52900b1328

SHA-256:
f9869282393d0a141b16d9cab71490a8ace83cfb142bc7498ef90e308fc34935

Scanner detections:
3 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 4:52:35 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.7062

Dr.Web
Adware.Iminent.59
9.0.1.0236

Reason Heuristics
PUP.Sien.SIENSA.Bundler (M)
15.8.24.12

File size:
39 MB (40,889,488 bytes)

Product version:
42.0.2311.98

Copyright:
Copyright 2014 The 1stBrowser Authors. All rights reserved.

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1d1649d1-e2e5-4b38-90c1-cd6363

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/17/2015 3:45:29 AM

Valid to:
6/12/2016 1:20:39 AM

Subject:
E=support@sien.com, CN=SIEN S.A., O=SIEN S.A., L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112158A643D1C958507AAB7FE826772BFA60

File PE Metadata
Compilation timestamp:
8/20/2015 3:15:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:rZ6bNZERf1pnBOgtFS97olLR2yKCUWpYOASzryKk1S5tne/AFiiZQQNy41:rZ6bNO9yYW7+LEyKC8SzWtE4GiiZQay6

Entry address:
0x209E

Entry point:
6A, 00, FF, 15, A4, 40, 40, 00, 50, E8, FC, 08, 00, 00, 59, 50, FF, 15, 90, 40, 40, 00, CC, 55, 8B, EC, 81, EC, 14, 02, 00, 00, 53, 56, 8B, 75, 14, 85, F6, 0F, 84, BE, 00, 00, 00, FF, 75, 08, 8D, 4D, F8, FF, 75, 0C, FF, 75, 10, E8, BB, 0C, 00, 00, 8D, 4D, F8, E8, D8, 0C, 00, 00, 84, C0, 0F, 84, 9D, 00, 00, 00, 8D, 4D, F8, E8, D0, 0C, 00, 00, 83, F8, 01, 0F, 82, 8C, 00, 00, 00, 8D, 4D, F8, E8, BF, 0C, 00, 00, 3B, 05, EC, 14, 40, 00, 77, 7C, FF, 36, 33, C0, BB, 04, 01, 00, 00, 66, 89, 45, F4, 66, 89, 85, EC...
 
[+]

Entropy:
8.0000

Packer / compiler:
FASM v1.3x

Code size:
8 KB (8,192 bytes)

The file 1d1649d1-e2e5-4b38-90c1-cd6363 has been seen being distributed by the following 2 URLs.

http://113.171.224.204/.../1d1649d1-e2e5-4b38-90c1-cd6363b53ec0.exe

Remove 1d1649d1-e2e5-4b38-90c1-cd6363 - Powered by Reason Core Security